Qubes security domains don't necessarily help solve this problem because really the problem is how your web browsers are configured.
So a tracking company can't link your browsing activity between Qubes domains -- your "personal" traffic and "work" traffic might look like two separate people -- but within one of those domains, they can still track you, and do all of those tricks. If you want web privacy, you'll have to configure your browser within Qubes the same way you have to outside of Qubes. Or, you can do all of your browser in DisposableVMs. Or use Tor Browser, which has taken many steps to prevent browser tracker as a design goal. On 09/18/2017 09:43 AM, jes...@gmail.com wrote: > In the past I have used a Firefox plugin called "Better Privacy" to try to > push back against multi-front user fingerprinting and analysis mechanisms > such as the kind used by large advertising and user demographics companies > which include the abuse of Flash LSOs, HTML5 local storage, Silverlight, et > al to confirm that the same user is browsing along a website or a distributed > ad network even when they "clear private data" or use incognito mode, even > when they switch to different browsers installed on the same machine, even if > they're using coffee shop wifi or VPNs so that they appear from different IP > addresses, etc. > > The take home being that it only takes one (1) fingerprint hit through one > (1) of the avenues available to tracking organizations to confirm that they > are dealing with the same end-user (or household unit, or something close > enough to pad their toxic dossier with) and thus to link every cookie > fingerprint that they know for this user across both domains under the same > umbrella. > > A pretty thorough look at all of the strategies that I am at least aware of > can be had at this url: > https://www.chromium.org/Home/chromium-security/client-identification-mechanisms > > So I am curious to what extent Qubes security domains may be sufficiently > complete as to defeat potentially all of these mechanisms simultaneously? > Especially if end-user configures one or more domains to pipe all network > traffic over a VPN or tor to additionally differentiate their IP address? > > I am especially interested to hear about how Qubes security domains interact > with Flash LSOs, and .. whatever-it-is that Silverlight and other > multi-browser plugins do, and whether *that* data leaks between domains. :/ > > Thank you for any insight you guys may have on this matter, as it sounds like > it speaks directly to Qubes primary mission goals of security by > compartmentalization. :D > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e9cdccf-488c-fa1e-2bf0-b70c835108c5%40micahflee.com. For more options, visit https://groups.google.com/d/optout.